On Sat, Apr 29, 2017 at 02:05:47PM +0200, Nicolas Sebrecht wrote: > > You should either use fingerprint or sslcacertfile but not both. > Sorry for the delay in posting. Here is the output using
fingerprint only: Account sync xx: *** Processing account xx Establishing connection to imap.gmail.com:993 (masphys-remote) ERROR: Server SSL fingerprint 'cc64f9a1815c618562b8f4962d2b353bb7a57852' for hostname 'imap.gmail.com' does not match configured fingerprint(s) ['f3043dd689a2e7dddfbef82703a6c65ea9b634c1']. Please verify and set 'cert_fingerprint' accordingly if not set yet. *** Finished account 'xx' in 0:00 ERROR: Exceptions occurred during the run! ERROR: Server SSL fingerprint 'cc64f9a1815c618562b8f4962d2b353bb7a57852' for hostname 'imap.gmail.com' does not match configured fingerprint(s) ['f3043dd689a2e7dddfbef82703a6c65ea9b634c1']. Please verify and set 'cert_fingerprint' accordingly if not set yet. cert only: Account sync xx: *** Processing account xx Establishing connection to imap.gmail.com:993 (masphys-remote) ERROR: Unknown SSL protocol connecting to host 'imap.gmail.com' for repository 'masphys-remote'. OpenSSL responded: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) *** Finished account 'xx' in 0:00 ERROR: Exceptions occurred during the run! ERROR: Unknown SSL protocol connecting to host 'imap.gmail.com' for repository 'masphys-remote'. OpenSSL responded: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) > You might like to manually check your CA cert file like this: > > http://www.offlineimap.org/doc/FAQ.html#checking-the-ssl-certificate > $ openssl s_client -showcerts -connect imap.gmail.com:993 CONNECTED(00000003) depth=1 C = GB, ST = Oxfordshire, O = Sophos, OU = NSG, CN = Sophos SSL CA_C44315332603-JSSZTA, emailAddress = [email protected] verify error:num=19:self signed certificate in certificate chain --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com i:/C=GB/ST=Oxfordshire/O=Sophos/OU=NSG/CN=Sophos SSL CA_C44315332603-JSSZTA/[email protected] -----BEGIN CERTIFICATE----- MIIDLDCCAhSgAwIBAgIEBpx/aDANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMC R0IxFDASBgNVBAgMC094Zm9yZHNoaXJlMQ8wDQYDVQQKDAZTb3Bob3MxDDAKBgNV BAsMA05TRzEqMCgGA1UEAwwhU29waG9zIFNTTCBDQV9DNDQzMTUzMzI2MDMtSlNT WlRBMSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QHNvcGhvcy5jb20wHhcNMTcwNDIx MDg0OTEzWhcNMTcwNzE0MDgyNjAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v Z2xlIEluYzEXMBUGA1UEAwwOaW1hcC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEB BQADgY0AMIGJAoGBAL2ol6Iy+Ai8KgNWaI4MhO7XaDPRJ/5qtOk6J6Q7BFuncfD0 ZtQUoBx0gLA1WOHKPMJm9oMdJjrtFtcAE/ssYKYNB+QnFuntLhZepIz5p1ceWB+w +OfktbNaRW5RRBkrXlCQoUBBwW+MWiKQgXorMTO41nYeelcYWJU6tmPIYAaHAgMB AAGjODA2MAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMBkGA1UdEQQSMBCCDmlt YXAuZ21haWwuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCLOWT8u2VwIxAGxrgbgd/R udT+RYQuOjKUGh0hkPtOR5RiTZyUI/HpQXvs4+978g8HrO8H63fVkeagjHNYm1hV Z7wB7IwNxxqJ6ZVs2ve2rlSxoGyg2q/kkwKzGr8bhwp8VmhZDmfjQ1787OpGCQ1m ZBz5EJtjWjjtdurBe+sr0FeJYpBaAIIC8Kje7fe4GUEcj9iRTXSguthetfOt7Awl 4FZ+SYcHuvELJBoYlflYVSD51/GjuGyAHHkDGTZLtJixzfgW8Nx8nCteSJQigcYn P0DWY2qi+qDcHsER9paSMbMYR/e9ab0Ykb2R/+8XYrQVDQM/0OFcuv3CvVOIJ48f -----END CERTIFICATE----- 1 s:/C=GB/ST=Oxfordshire/O=Sophos/OU=NSG/CN=Sophos SSL CA_C44315332603-JSSZTA/[email protected] i:/C=GB/ST=Oxfordshire/O=Sophos/OU=NSG/CN=Sophos SSL CA_C44315332603-JSSZTA/[email protected] -----BEGIN CERTIFICATE----- MIIElTCCA32gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMCR0Ix FDASBgNVBAgMC094Zm9yZHNoaXJlMQ8wDQYDVQQKDAZTb3Bob3MxDDAKBgNVBAsM A05TRzEqMCgGA1UEAwwhU29waG9zIFNTTCBDQV9DNDQzMTUzMzI2MDMtSlNTWlRB MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QHNvcGhvcy5jb20wIhgPMjAxNTA4MDEw MDAwMDBaGA8yMDM2MTIzMTIzNTk1OVowgZExCzAJBgNVBAYTAkdCMRQwEgYDVQQI DAtPeGZvcmRzaGlyZTEPMA0GA1UECgwGU29waG9zMQwwCgYDVQQLDANOU0cxKjAo BgNVBAMMIVNvcGhvcyBTU0wgQ0FfQzQ0MzE1MzMyNjAzLUpTU1pUQTEhMB8GCSqG SIb3DQEJARYSc3VwcG9ydEBzb3Bob3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAxxdnOnCkoi0wjPgR3zQQa5tXi2CTXo04qoy5PJ5M69xF7sa4 LgSpFFMHs8NoVGv+Z+RBvV2ExjGr+2Fdgzt0LG0Y0J3jpD1NX7x5o5WhC0w/J7eY 0jm1JA/9wcWUCZbmo9Q0/fy+dhr35Zs1QTGW1ehLGUH5nPsuUp/0aDorDBJ3/1Mj iy58k5YRppC92A6Ha/hRk5/N5DnOEOVW29kFBqV56RrZ+D27iaub33szPuPOhQ0B o2i0mhSDlQGJhIKkfkxdTVlrsarIpDfUEU/eE+eBWj2U2SEDkJclr7GIDx6LGZBK 00r9aSz8M/g+YNzgxJkJ8FJKFwFF51+RIv/pVQIDAQABo4HxMIHuMB0GA1UdDgQW BBSQqff2qm+621FXBvvAXtMxeOZkYzCBvgYDVR0jBIG2MIGzgBSQqff2qm+621FX BvvAXtMxeOZkY6GBl6SBlDCBkTELMAkGA1UEBhMCR0IxFDASBgNVBAgMC094Zm9y ZHNoaXJlMQ8wDQYDVQQKDAZTb3Bob3MxDDAKBgNVBAsMA05TRzEqMCgGA1UEAwwh U29waG9zIFNTTCBDQV9DNDQzMTUzMzI2MDMtSlNTWlRBMSEwHwYJKoZIhvcNAQkB FhJzdXBwb3J0QHNvcGhvcy5jb22CAQEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B AQUFAAOCAQEAtfg/XN1IOWNrxrAZVZA6wArSmYzmp5LJf12dne9E7GH+wkYmlUfH U2cS2Jfrm9NUKoMk22iZ0WeoUStsZAnsnxHfrVIvND7gnE3O3rc5OTSGuPn1z6y7 LtjQUIQ91MThS1R3ubZeRUw0tGlCvlrTTnigimmPnWt6NUFH0ciyJ4ryPuhL3bTo 8FsC1YkwqL3pG5AdtTCCjCJwqPEk5g6RcKapp5RcKrfkfuZH+5EirPgTUz8eCyC1 uKXqM8M5OUvE8RaR+dxuYVd0CqqPov4GFg/cZ7CVp0doXoJaMfAGNSl5QoQIsYGI cGvPsDY9OdTtClKsGIXPC6Aha8pljuKbWQ== -----END CERTIFICATE----- --- Server certificate subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com issuer=/C=GB/ST=Oxfordshire/O=Sophos/OU=NSG/CN=Sophos SSL CA_C44315332603-JSSZTA/[email protected] --- No client certificate CA names sent --- SSL handshake has read 2328 bytes and written 390 bytes Verification error: self signed certificate in certificate chain --- New, SSLv3, Cipher is AES256-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : AES256-SHA Session-ID: 4E973E14E886D9325F006C4B7BACF4180BB0B66971F15F7BEC8B774578E6B7D1 Session-ID-ctx: Master-Key: 1D63C9E2CF37C0B51958F82A44E92AC5EAC29456A7E682E761894875AFAE5A05596378C1E5A71E1E59DE623FCCD5CE43 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - f3 df c5 be e6 51 58 bf-29 69 cb 7c 07 bd 2c e1 .....QX.)i.|..,. 0010 - db ac 7c fb d7 cf 05 1b-f4 29 80 c7 4a ef db 11 ..|......)..J... 0020 - 9b f1 10 e7 55 66 d9 58-a0 fd 85 04 c0 7f b0 78 ....Uf.X.......x 0030 - 2f 77 f2 d8 46 ab dc a9-8e af 77 68 a2 66 b7 f0 /w..F.....wh.f.. 0040 - 4c ad 79 c9 8f c8 3a 2b-a4 13 4e 81 6a 40 49 17 L.y...:+..N.j@I. 0050 - 6a 5d d9 03 ef 16 84 73-79 b3 b3 1c 49 d5 92 f6 j].....sy...I... 0060 - 85 88 ad 5c f2 e8 91 e0-dc d2 f2 43 90 c4 22 8f ...\.......C..". 0070 - 77 e9 f9 59 33 99 57 11-b0 34 f6 c1 e5 3d a3 d2 w..Y3.W..4...=.. 0080 - 1e c7 62 ad af 87 83 04-6f a6 29 31 f0 f4 61 da ..b.....o.)1..a. 0090 - 72 e6 65 55 b5 ae dc b6-50 17 9b f0 e1 9b a4 6b r.eU....P......k Start Time: 1493619375 Timeout : 7200 (sec) Verify return code: 19 (self signed certificate in certificate chain) Extended master secret: no --- * OK Gimap ready for requests from 14.139.155.135 ul17mb220053154obc ^C Regards. -- Sridhar M. A. Sorry. Nice try. _______________________________________________ OfflineIMAP-project mailing list: [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/offlineimap-project OfflineIMAP homepages: - https://github.com/OfflineIMAP - http://offlineimap.org
